Developing Secure Applications in Java

TAGS

Author

Gabriela Grosu

We will begin this article by some general considerations regarding security. Thus, the aim of computer security is to protect the information stored on them against theft, corruption or natural disasters while accessing it. Security must be understood as a compromise solution. For instance, the best way to create a completely secure application on the Internet is not to connect it to the Internet.

One of the most important aspects of security is confidentiality, which represents hiding the information sources. The mechanisms used for ensuring confidentiality are: encrypting, using passwords and access control (giving access to resources to a limited number of people).

Another aspect is integrity, which means that the data is protected against unauthorized alterations. This is usually ensured by authentication. The user must provide credentials (username and password). Moreover, the detection systems should be used in case the authentication system fails. This system is made of access logs and analysis patterns.

A last aspect is availability, which represents the ability to use a system or a resource when needed.

The easiest way in which a system is vulnerable is represented by the attacks of denial of the services. They block the user’s access to the system or reduce the performance level of the system. The system should be so flexible as to detect these attacks and respond to them.

Security aspects at software level

Any system containing private information is very likely to become a target for the attackers. Some of the fundamental concepts of security are:

Secured APIs: it is much easier to conceive a secure code right from the beginning. The attempt to secure existing code is difficult and it generates errors.

Duplication: duplicate code may not be consistently treated on copying. Furthermore, it also breaches the Agile programming principle, Don’t Repeat Yourself (DRY).

Limiting preferential claims: if the code operates with limited privileges, then default exploitation is most likely to be prevented.

Trust boundaries: establishing the limits between the different parts of the application. For instance, any data that come from a web browser into a web application must be checked before being used.

Security checking: carrying out security checking in a few defined points and returning an object that the client code retains, so that there will be no further need of subsequent checking.

Encapsulation: using interfaces; the fields should be private and accessories should be avoided.

Types of security threats

We can divide the threats into the following categories:

Injection and inclusion

Resource management (buffer overflow, denial of service)

Private (confidential) information

Accessibility and extensibility

Mutability

Injection and inclusion represent an attack which determines a program to interpret the data in an unexpected way. Therefore, any data coming from an uncertain source must be validated. The main forms of attack are:

In this code, the programmer tries to print the results when two values do not match. The problem appears when a formed string is sent instead of a month. The attacker can figure out the year, for instance, when a card becomes out of date.

From the point of view of resource management, we have:

buffer overflows: copying an input buffer into an output buffer without checking the size. Its result is the fact that an attacker can run code outside a normal program. Java is immune to this type of attack, as it owns an automated management of memory.

denial of service: it is still possible in Java, through the inadequate usage of resources. Here are a few examples of potential denial-of-service attacks:

zip bomb: a zip file that is relatively small, but includes many other zips in it. Unzipping the files can block the processor and it can engulf a big storage space. As a protection measure we can limit the size and processing that can be done inside a resource such as this.

billion laughs attack: if we are using the DOM API for a XML file, we must upload the entire file into the memory. Such an attack can engulf the entire memory.

Path: is a language for interrogations and crossings of XML files. Some interrogations can be recursive and can return a bigger volume of data than the one expected.

Object Graph: an object graph is built by parsing a text or a binary stream; it can require much more memory than the original data.

The system should not provide the potential attackers with the exact location of the configuration file of the application.

Confidential information should be available to reading only in a limited context; they should not be available for manipulation; users should be provided only with the information they need; the information should not be hard coded in the sources.

Private data should not be included in exceptions of log files. Also, we shouldn’t hard code the username and password into the source code. We should use an attributes file in order to store this type of information.